From 6c0d4b1a04263964d195ddc51da1df488f7240f9 Mon Sep 17 00:00:00 2001 From: Fanny Jiang Date: Wed, 15 Jan 2025 15:04:12 -0500 Subject: [PATCH] Disable SBOM monitoring features for GKE Autopilot (#1666) * Disable SBOM monitoring features for GKE Autopilot * simplify if cond * fix os-release-file volume --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- charts/datadog/templates/NOTES.txt | 16 +++++++++++++++- charts/datadog/templates/_container-agent.yaml | 6 +++--- .../templates/_daemonset-volumes-linux.yaml | 4 ++-- charts/datadog/templates/_helpers.tpl | 13 ++++++++++++- 7 files changed, 38 insertions(+), 9 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 61c6024e5..f68abe996 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.88.1 + +* Disable SBOM monitoring features for GKE Autopilot, as they are not supported + ## 3.88.0 * Set default `Agent` and `Cluster-Agent` version to `7.61.0`. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 63952f8db..efb7731a7 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: datadog -version: 3.88.0 +version: 3.88.1 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index b2cefd2fc..7a23574f9 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md 
@@ -1,6 +1,6 @@ # Datadog -![Version: 3.88.0](https://img.shields.io/badge/Version-3.88.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.88.1](https://img.shields.io/badge/Version-3.88.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/NOTES.txt b/charts/datadog/templates/NOTES.txt index 031e571b2..692d62f9b 100644 --- a/charts/datadog/templates/NOTES.txt +++ b/charts/datadog/templates/NOTES.txt 
@@ -424,6 +424,20 @@ The option is overriden to avoid mounting volumes that are not allowed which wou {{- end }} +{{- if or .Values.providers.gke.autopilot .Values.providers.gke.gdc }} + +{{- if or .Values.datadog.sbom.containerImage.enabled .Values.datadog.sbom.host.enabled }} + +####################################################################################### +#### WARNING: SBOM Monitoring is not supported on GKE Autopilot #### +####################################################################################### + +On GKE Autopilot environments, SBOM Monitoring is not supported. The options 'datadog.sbom.containerImage.enabled' and 'datadog.sbom.host.enabled' must be set to 'false'. + +{{- end }} + +{{- end }} + {{- if and (.Values.datadog.dogstatsd.useSocketVolume) (eq .Values.targetSystem "windows") }} ################################################################################### @@ -534,7 +548,7 @@ More information about this change: https://github.com/DataDog/helm-charts/pull/ {{- end }} -{{- if and (eq .Values.targetSystem "linux") (eq .Values.datadog.osReleasePath "") (eq (include "should-add-host-path-for-os-release-paths" .) "false") .Values.datadog.sbom.host.enabled }} +{{- if and (eq .Values.targetSystem "linux") (eq .Values.datadog.osReleasePath "") (eq (include "should-add-host-path-for-os-release-paths" .) "false") (eq (include "should-enable-sbom-host-fs-collection" .) "true") }} ################################################################# #### ERROR: Configuration notice #### ################################################################# diff --git a/charts/datadog/templates/_container-agent.yaml b/charts/datadog/templates/_container-agent.yaml index 151e1cebd..b356b010c 100644 --- a/charts/datadog/templates/_container-agent.yaml +++ b/charts/datadog/templates/_container-agent.yaml 
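Review bot: The banner added in the first NOTES.txt hunk names only GKE Autopilot, but its guard `or .Values.providers.gke.autopilot .Values.providers.gke.gdc` also fires when `providers.gke.gdc` is set. It also says the options "must be set to 'false'", although the helpers changed later in this commit already treat them as off on these providers. SBOM data typically feeds vulnerability tracking, so an operator who enabled it should be told plainly that nothing is collected, for example `SBOM Monitoring is not supported on GKE Autopilot or GDC. 'datadog.sbom.containerImage.enabled' and 'datadog.sbom.host.enabled' are ignored and no SBOM data will be collected.` NOTES.txt is printed at install and upgrade time, so a pipeline that only renders manifests may never show this warning; a sentence next to the two options in the values documentation would cover that case.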
@@ -170,7 +170,7 @@ - name: DD_CONTAINER_IMAGE_ENABLED value: "true" {{- end }} - {{- if or .Values.datadog.sbom.host.enabled (eq (include "should-enable-sbom-container-image-collection" .) "true") }} + {{- if or (eq (include "should-enable-sbom-host-fs-collection" .) "true") (eq (include "should-enable-sbom-container-image-collection" .) "true") }} - name: DD_SBOM_ENABLED value: "true" {{- if eq (include "should-enable-sbom-container-image-collection" .) "true" }} @@ -188,7 +188,7 @@ {{- end }} {{- end }} {{- end }} - {{- if .Values.datadog.sbom.host.enabled }} + {{- if eq (include "should-enable-sbom-host-fs-collection" .) "true" }} - name: DD_SBOM_HOST_ENABLED value: "true" - name: HOST_ROOT @@ -292,7 +292,7 @@ mountPath: /host/var/lib/docker readOnly: true {{- end }} - {{- if .Values.datadog.sbom.host.enabled }} + {{- if eq (include "should-enable-sbom-host-fs-collection" .) "true" }} - name: host-apk-dir mountPath: /host/var/lib/apk readOnly: true diff --git a/charts/datadog/templates/_daemonset-volumes-linux.yaml b/charts/datadog/templates/_daemonset-volumes-linux.yaml index 4a2251f65..d4ec7904f 100644 --- a/charts/datadog/templates/_daemonset-volumes-linux.yaml +++ b/charts/datadog/templates/_daemonset-volumes-linux.yaml @@ -22,7 +22,7 @@ path: {{ .Values.datadog.systemProbe.osReleasePath | default .Values.datadog.osReleasePath }} name: os-release-file {{- end }} -{{- if and (eq (include "should-add-host-path-for-os-release-paths" .) "true") (or (eq (include "should-enable-system-probe" .) "true") .Values.datadog.sbom.host.enabled) }} +{{- if and (eq (include "should-add-host-path-for-os-release-paths" .) "true") (or (eq (include "should-enable-system-probe" .) "true") (eq (include "should-enable-sbom-host-fs-collection" .) "true")) }} - hostPath: path: /etc/redhat-release name: etc-redhat-release 
@@ -161,7 +161,7 @@ path: /var/lib/docker name: host-docker-dir {{- end }} -{{- if .Values.datadog.sbom.host.enabled }} +{{- if eq (include "should-enable-sbom-host-fs-collection" .) "true" }} - hostPath: path: /var/lib/apk name: host-apk-dir diff --git a/charts/datadog/templates/_helpers.tpl b/charts/datadog/templates/_helpers.tpl index 1d8b6819d..e372dd9a5 100644 --- a/charts/datadog/templates/_helpers.tpl +++ b/charts/datadog/templates/_helpers.tpl @@ -954,7 +954,7 @@ Create RBACs for custom resources Return true if SBOM collection for container image is enabled */}} {{- define "should-enable-sbom-container-image-collection" -}} - {{- if .Values.datadog.sbom.containerImage.enabled -}} + {{- if and (.Values.datadog.sbom.containerImage.enabled) (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc)) -}} {{- if not (eq (include "should-enable-container-image-collection" .) "true") -}} {{- fail "Container runtime support has to be enabled for SBOM collection to work. Please enable it using `datadog.containerRuntimeSupport.enabled`." -}} {{- end -}} @@ -964,6 +964,17 @@ Create RBACs for custom resources {{- end -}} {{- end -}} +{{/* + Return true if SBOM collection for host filesystems is enabled +*/}} +{{- define "should-enable-sbom-host-fs-collection" -}} + {{- if and (.Values.datadog.sbom.host.enabled) (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc)) -}} + true + {{- else -}} + false + {{- end -}} +{{- end -}} + {{/* Return true if language detection feature is enabled */}}
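Review bot: The provider test `(not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc))` is written out in `should-enable-sbom-container-image-collection` here, again in the new `should-enable-sbom-host-fs-collection` helper in the next hunk, and in positive form in the NOTES.txt guard, so the three copies can drift when another unsupported provider is added. A single named template holding that predicate, included by both helpers and by NOTES.txt, would keep the warning and the actual gating in step. Because the gate sits in the outer `if`, the `fail` about `datadog.containerRuntimeSupport.enabled` is also no longer evaluated on these providers. That looks intended, but it deserves a comment such as `{{/* SBOM is forced off on GKE Autopilot / GDC, so the runtime-support check is skipped there */}}`. The body of this define continues outside the hunk.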
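Review bot: The doc comment on the new `should-enable-sbom-host-fs-collection` helper says only that it returns true when host SBOM collection is enabled, but the `if` also forces `false` whenever `providers.gke.autopilot` or `providers.gke.gdc` is set. I would have the comment state that, e.g. `Return true if SBOM collection for host filesystems is enabled and the provider is not GKE Autopilot or GDC (the value is ignored there)`. The comment on `should-enable-sbom-container-image-collection` in the previous hunk has the same gap. Since this helper now decides whether the read-only host paths such as `/var/lib/apk` are mounted into the agent, the comment should also tell template authors to use it instead of reading `.Values.datadog.sbom.host.enabled` directly.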